Download presentation
Presentation is loading. Please wait.
Published byAvice Lang Modified over 9 years ago
1
Lecture 13 Secret Sharing Schemes and Game
2
Secret sharing schemes are multi-party protocols related to key establishment. The original motivation for secret sharing was the following. To safeguard cryptographic keys from loss, it is desirable to create backup copies. The greater the number of copies made, the greater the risk of security exposure; the smaller the number, the greater the risk that all are lost. Secret sharing schemes address this issue by allowing enhanced reliability without increased risk.
3
One of the major contributions of modern cryptography has been the development of advanced protocols. These protocols enable users to electronically solve many real world problems, play games, and accomplish all kinds of intriguing and very general distributed tasks. The goal of this lecture is to give a brief introduction to flipping coins and mental poker over the telephone.
4
Outline Scenarios for Secret Sharing Secret Splitting Threshold Schemes Flipping Coins over the Telephone Poker over the Telephone
5
1 Scenarios for Secret Sharing 1.1 For Secret Splitting Imagine that you ’ ve invented a new, extra gooey, extra sweet, cream filling or a burger sauce that is even more tasteless than your competitors ’. This is important; you have to keep it secret. You could tell only your most trusted employees the exact mixture of ingredients, but what if one of them defects to the competition? There goes the secret, and before long every grease palace on the block will be making burgers with sauce as tasteless as yours.
6
This calls for secret splitting. There are ways to take a message and divide it up into pieces. Each piece by itself means nothing, but put them together and the message appears. If the message is the recipe and each employee has a piece, then only together can they make the sauce. If any employee resigns with his single piece of the recipe, his information is useless by itself.
7
However, it has a problem: If any of the pieces gets lost, so does the message. If one employee, who has a piece of the sauce recipe, goes to work for the competition and takes his piece with him, the rest of them are out of luck. He can ’ t reproduce the recipe, but neither can work together. His piece is as critical to the message as every other piece combined.
8
1.2 For Threshold Schemes You ’ re setting up a launch program for a nuclear missile. You want to make sure that no single raving lunatic can initiate a launch. You want at least three out of five officers to be raving lunatics before you allow a launch. This is easy to solve. Make a mechanical launch controller. Give each of the five officers a key and require that at least three officers stick their keys in the proper slots before you ’ ll allow them to blow up whomever we're blowing up this week.
9
We can get even more complicated. Maybe the general and two colonels are authorized to launch the missile, but if the general is busy playing golf then five colonels are required to initiate a launch. Make the launch controller so that it requires five keys. Give the general three keys and the colonels one each. The general together with any two colonels can launch the missile; so can the five colonels. However, a general and one colonel cannot; neither can four colonels.
10
A more complicated sharing scheme, called a threshold scheme, can do all of this and more — mathematically. At its simplest level, you can take any message (a secret recipe, launch codes, your laundry list, etc.) and divide it into n pieces, called shares or shadows, such that any m of them can be used to reconstruct the message.
11
One can divide his secret sauce recipe among Alice, Bob, Carol, and Dave, such that any three of them can put their shadows together and reconstruct the message. If Carol is on vacation, Alice, Bob, and Dave can do it. If Bob gets run over by a bus, Alice, Carol, and Dave can do it. However, if Bob gets run over by a bus while Carol is on vacation, Alice and Dave can't reconstruct the message by themselves.
12
2 Secret Splitting 2.1 Dual Control by Modular Addition
13
2.1 Dual Control by Modular Addition (Continued)
14
2.2 Unanimous Consent Control by Modular Addition
15
2.2 Unanimous Consent Control by Modular Addition (Continued)
16
3 Threshold Schemes
18
3.1 Shamir ’ s Threshold Scheme
19
3.1 Shamir ’ s Threshold Scheme (Continued)
27
3.2 Vector Scheme
28
3.2 Vector Scheme (Continued)
33
3.3 Secret Sharing with Cheaters Colonels Alice, Bob, and Carol are in a bunker deep below some isolated field. One day, they get a coded message from the president: “ Launch the missiles. We ’ re going to eradicate the last vestiges of neural network research in the country. ” Alice, Bob, and Carol reveal their shares, but Carol enters a random number. She ’ s actually a pacifist and doesn't want the missiles launched. Since Carol doesn't enter the correct share, the secret they recover is the wrong secret. The missiles stay in their silos. Even worse, no one knows why.
34
3.3 Secret Sharing with Cheaters (Continued)
38
4 Flipping Coins over the Telephone 4.1 Scenario A friend, not realizing that Alice and Bob are no longer together, leaves them a car in his will. How do they decide who gets the car? Bob phones Alice and says he ’ ll flip a coin. Alice chooses “ tails ” but Bob says “ sorry, it was heads. ” So Bob gets the car. For some reason, Alice suspects Bob might not have been honest. She resolves that the next time this happens, she'll use a different method.
39
4.2 A Problem Solution Here is a thought. Alice picks a random bit b 1 and sends it to Bob, and Bob picks a random bit b 2 and sends it to Alice, and the value of the coin is b 1 b 2. The problem is who goes first. If Alice goes first, Bob will choose b 2 to make the coin whatever he wants. Not fair.
40
4.3 Requirements for Fair Flipping Coin (1) Bob must flip the coin before Alice guesses. (2) Bob must not be able to re-flip the coin after hearing Alice ’ s guess. (3) Alice must not be able to know how the coin landed before making her guess.
41
4.4 Flipping Coin Using Square Roots
42
Alice Bob 4.4 Flipping Coin Using Square Roots (Continued)
48
5 Poker over the Telephone A protocol similar to the fair flipping coin protocol allows Alice and Bob to play poker with each other over the telephone. Instead of Bob making two messages, one for “ Heads ” and one for “ Tails ”, he makes 52 numbers, c 1, c 2,..., c 52, one for each card in the deck. How to make sure that no one has cheated?
49
5.1 Idea Bob encrypts the cards c 1, c 2,..., c 52 using his key and sends to Alice. Alice chooses five cards at random, encrypts them with her encrypted key, and then sends them back to Bob. Bob decrypts the cards and sends them back to Alice, who decrypts them to determine her hand. She then chooses five more cards at random and sends them back to Bob. Bob decrypts these and they become his hand.
50
5.1 Idea (Continued) During the game, additional cards can be dealt to either player by repeating the procedure. At the end of the game, Alice and Bob both reveal their cards and key pairs so that each can be assured that the other did not cheat.
51
5.2 Poker Based on Discrete Logarithm Problem
52
5.2 Poker Based on Discrete Logarithm Problem (Continued)
53
AliceBob 5.2 Poker Based on Discrete Logarithm Problem (Continued)
61
Thank you!
Similar presentations
© 2025 SlidePlayer.com. Inc.
All rights reserved.